SSL.com

Which Code Signing Certificate do I Need? EV or OV?

You probably already know that a code signing certificate from SSL.com will assure users that your software is from a known and trusted developer, free from unauthorized modifications and malware, and safe to install.

SSL.com offers code signing certificates at both the Organization Validation (OV), and Extended Validation (EV) levels. What’s the difference?

What is Organization Validation (OV)?

Organization Validated (OV) and Individual Validated (IV) certificates require more validation than DV certificates, but provide more trust. For these types, the CA will verify the actual organization or individual person that is attempting to get the certificate. The organization’s or individual’s name is also listed in the certificate, giving added trust that both the website and its owner are reputable.

OV certificates are often used by corporations, governments and other entities that want to provide an extra layer of confidence to their visitors. Aside from SSL/TLS certificates, OV and IV are also commonly used for code signingdocument signingclient authentication, and S/MIME email certificates. For more information, please refer to SSL.com’s OV and IV requirements.

An IV + OV code signing certificate displays both a personal name and an organizational/company name on the digital signature. The dual validation increases the trust level that this certificate is able to provide for the signed software.

What is Extended Validation (EV)?

Extended validation or EV certificates provide the maximum amount of trust to visitors, and also require the most effort by the CA to validate. Per guidelines set by the CA/Browser Forum, extra documentation must be provided to issue an EV certificate (as described in SSL.com’s EV requirements). As with OV, EV lists the company name in the certificate itself. EV certificates may only be issued to businesses and other registered organizations, not to individuals.

An EV code signing certificate is required to sign Windows 10 drivers and provides an instant SmartScreen reputation boost. If you’re not sure which code signing certificate you need, please read this FAQ.

An IV + EV code signing certificate provides the highest validation for the identity of an individual software and with a lengthier expiration date than a regular IV code signing cert.

SSL.com’s Code Signing certificates are an economical way to protect your code from unauthorized tampering and compromise, and are available for as little as $64.50 per year.

ORDER NOW

So, which code signing certificate should you buy? The short answer is that EV code signing certificates are more expensive, but offer a higher initial Microsoft SmartScreen reputation level, and are required for signing Windows 10 drivers.

If you’d like to learn more, read on to find out about:

Summary Table
EV IV + EV OV IV + OV IV
Sign Windows 10 Drivers
Sign pre-Windows-10 Drivers
Instant Microsoft SmartScreen Reputation
Two-factor Authentication with USB Token or Cloud Signing Service
Available to Individuals Without a Registered Business
Trusted on Major Software Platforms
Individual Identity in Signature
Organization Identity in Signature

Windows 10 Drivers

An OV certificate may be used to sign drivers for versions of Windows before Windows 10.
Don’t let this happen to your users!
 

Microsoft SmartScreen Reputation

According to Microsoft’s FAQ, its reputation-based SmartScreen filter “checks the files that you download against a list of files that are well known and downloaded by many people who use Internet Explorer. If the file that you’re downloading isn’t on that list, SmartScreen will warn you.”

Signing your code is not required to earn a SmartScreen reputation, but EV-signed code’s extra level of trust lets developers skip this hurdle altogether:

Unfortunately, Microsoft does not publish guidelines on what constitutes enough downloads to eliminate SmartScreen warnings. Microsoft has also indicated in the past that signing code is a “best practice” that you “can follow to help establish and maintain reputation for your applications.”

Authentication and Key Storage

Validation Requirements

Supported Platforms

* Apple Developer ID certificates, issued by Apple, are required to distribute software through the macOS app store and satisfy macOS’s default Gatekeeper settings for software installation (which can be overridden by users if necessary). However, SSL.com code signing certificates may be used to sign files like profiles and policies on macOS. Furthermore, all apps on non-jailbroken iOS devices must be signed by an Apple-issued certificate.

Ordering and Installing Code Signing Certificates

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page.
Exit mobile version